From experience, a significant number of computer break-ins (perhaps the majority) can be traced back to a poorly chosen password. In most cases, passwords are the first weakness tried by an attacker. The password is the most vital part of account security. If an attacker can discover a user's password, he or she can then log in to the system and operate with all the capabilities of that user. Such an attack is usually hard to detect and can last for months.

Why should I care?

The answer is easy. You should care because if someone uses your account to do bad things you might have no means to prove that it was not you. It's like letting anyone drive your car: you would then be responsible for all the fines...

What is a good password?

A good password is:

Although this seems quite restrictive, it's easy to pick good passwords.

How can I choose a good password?

The programs that try to guess passwords (or the attacker of a machine) do not try all possible passwords; they only try a large number of "frequently used" passwords. So if you stay out of this search space you are safe; to do so you can follow these guidelines. First, here is what you should not do:
Then, here is what you should do:
Finally, here are some methods of making passwords:
Please note that if you use mixed-case characters, do not use the following methods (they are tried by most cracking programs):
Also, don't append or prepend a character to a word from a dictionary (for instance `7tables' or `secret!') or use simple substitutions like o==>0 or s==>$ (for instance `sn00py' or even `$n00py'); most cracking programs will also try these...

Why should I change my "good" password?

Even if you choose a good password, it can still be discovered: someone may see you typing it, or capture it by snooping the network... One can also set up a fake machine or terminal and record all the passwords it sees. Another commonly used source of passwords is the "invalid login" file: some people do not pay attention and type the password instead of the user name, so the log file then contains lines like:

```
joe      ttyp9      Wed Apr 28 09:37
XSecret! pty/ttys0  Fri Feb 26 15:15 - 15:16  (00:00)
fred     pty/ttys0  Fri Feb 26 15:16 - 14:27  (87+22:11)
```

For all these reasons it is wise to change your passwords from time to time; a minimum frequency is twice a year.

Can I use the same "good" password for all my accounts?

This is delicate to answer. The underlying problem is that if someone finds your password for one account (see previous section) he may then be able to use other accounts on other machines with the same password. One thing is clear: you should not use trivial rules to generate your passwords. For instance, if you've got several accounts on the machines hplhc01, hplhc06... and the passwords are `seXret01', `seXret06'..., this is clearly ineffective. An attacker can easily deduce the passwords you used, and the length of the fixed part of the password (in this example `seXret') is reduced, which means you have fewer choices when picking new passwords.
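As an added example (not part of the handbook), here is a small Python filter that rejects the password patterns the text above says cracking programs try first: dictionary words with one character added at either end, the o==>0 / s==>$ style substitutions, and passwords ending in a host's numeric suffix (the `seXret01' pattern). The word list and the substitution table are constructed assumptions, not a real system dictionary.

```python
import re

# Constructed sample word list; a real filter would load a system dictionary.
WORDLIST = {"table", "tables", "secret", "snoopy", "password", "monday"}

# Undo the simple substitutions the handbook mentions (o==>0, s==>$) plus a
# few other common ones. This table is an assumption, not an exhaustive list.
UNLEET = str.maketrans({"0": "o", "$": "s", "5": "s", "1": "i", "!": "i",
                        "3": "e", "4": "a", "@": "a", "7": "t"})


def dictionary_forms(password):
    """Forms of `password` a cracking program would compare with a dictionary:
    lower-cased, with substitutions undone, and with one character stripped
    from the front and/or the back (covers `7tables' and `secret!')."""
    base = password.lower()
    forms = {base, base.translate(UNLEET)}
    for f in list(forms):
        if len(f) > 2:
            forms.update({f[1:], f[:-1], f[1:-1]})
    return forms


def weakness(password, hostname=None, wordlist=WORDLIST):
    """Return why `password` is weak, or None if it passes these checks."""
    # Longest match first so `7tables' is reported as `tables', not `table'.
    for form in sorted(dictionary_forms(password), key=len, reverse=True):
        if form in wordlist:
            return f"derived from dictionary word '{form}'"
    # The `seXret01' / `seXret06' pattern: fixed part plus the host's digits.
    if hostname:
        suffix = re.search(r"\d+$", hostname)
        if suffix and password.endswith(suffix.group()):
            return "ends with the host's numeric suffix (the seXret01 pattern)"
    return None


if __name__ == "__main__":
    for pw, host in [("sn00py", None), ("$n00py", None), ("7tables", None),
                     ("secret!", None), ("seXret01", "hplhc01"),
                     ("Xv9!qLp2", "hplhc06")]:
        print(f"{pw!r:12} -> {weakness(pw, host)}")
```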
On the other hand, if an attacker broke into one of your accounts, he has several possibilities to break into other accounts: he can use the autologin facilities (`.rhosts' on UNIX), he can ruin your X security and then grab the passwords you type (see next chapter), he can install a fake

So, in our opinion, the best thing is to have different passwords for all your accounts with no obvious similarities. If you can't (for instance because you have too many accounts), it's acceptable to have the same password if it's a really good one and if you change it often (for instance once per month).

This page is a slightly modified version of Lionel Cons's security handbook at CERN. Duplication was authorized by the author.